svn commit: r1500641 - in /webservices/wss4j/trunk/ws-security-policy-stax/src: main/java/org/apache/wss4j/policy/stax/ main/java/org/apache/wss4j/policy/stax/assertionStates/ test/java/org/apache/wss4j/policy/stax/test/

coheigea Mon, 08 Jul 2013 03:18:23 -0700

Author: coheigea
Date: Mon Jul  8 10:17:36 2013
New Revision: 1500641

URL: http://svn.apache.org/r1500641
Log:
Don't validate HttpsToken policy if we are the message initiator


Modified:
    
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/PolicyEnforcer.java
    
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/HttpsTokenAssertionState.java
    
webservices/wss4j/trunk/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/HttpsTokenTest.java

Modified: 
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/PolicyEnforcer.java
URL: 
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/PolicyEnforcer.java?rev=1500641&r1=1500640&r2=1500641&view=diff
==============================================================================
--- 
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/PolicyEnforcer.java
 (original)
+++ 
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/PolicyEnforcer.java
 Mon Jul  8 10:17:36 2013
@@ -288,7 +288,7 @@ public class PolicyEnforcer implements S
             assertableList.add(new 
SamlTokenAssertionState(abstractSecurityAssertion, false, initiator));
         } else if (abstractSecurityAssertion instanceof RelToken) {
             assertableList.add(new 
RelTokenAssertionState(abstractSecurityAssertion, false, initiator));
-        } else if (abstractSecurityAssertion instanceof HttpsToken) {
+        } else if (abstractSecurityAssertion instanceof HttpsToken && 
!initiator) {
             assertableList.add(new 
HttpsTokenAssertionState(abstractSecurityAssertion, false, initiator));
         } else if (abstractSecurityAssertion instanceof KeyValueToken) {
             assertableList.add(new 
KeyValueTokenAssertionState(abstractSecurityAssertion, false, initiator));

Modified: 
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/HttpsTokenAssertionState.java
URL: 
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/HttpsTokenAssertionState.java?rev=1500641&r1=1500640&r2=1500641&view=diff
==============================================================================
--- 
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/HttpsTokenAssertionState.java
 (original)
+++ 
webservices/wss4j/trunk/ws-security-policy-stax/src/main/java/org/apache/wss4j/policy/stax/assertionStates/HttpsTokenAssertionState.java
 Mon Jul  8 10:17:36 2013
@@ -75,7 +75,7 @@ public class HttpsTokenAssertionState ex
                     break;
                 case RequireClientCertificate:
                     if (httpsTokenSecurityEvent.getAuthenticationType() != 
HttpsTokenSecurityEvent.AuthenticationType.HttpsClientCertificateAuthentication)
 {
-                        setErrorMessage("Policy enforces 
HttClientCertificateAuthentication but we got " + 
httpsTokenSecurityEvent.getAuthenticationType());
+                        setErrorMessage("Policy enforces 
HttpClientCertificateAuthentication but we got " + 
httpsTokenSecurityEvent.getAuthenticationType());
                         return false;
                     }
                     break;

Modified: 
webservices/wss4j/trunk/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/HttpsTokenTest.java
URL: 
http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/HttpsTokenTest.java?rev=1500641&r1=1500640&r2=1500641&view=diff
==============================================================================
--- 
webservices/wss4j/trunk/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/HttpsTokenTest.java
 (original)
+++ 
webservices/wss4j/trunk/ws-security-policy-stax/src/test/java/org/apache/wss4j/policy/stax/test/HttpsTokenTest.java
 Mon Jul  8 10:17:36 2013
@@ -111,7 +111,7 @@ public class HttpsTokenTest extends Abst
         } catch (WSSecurityException e) {
             Assert.assertTrue(e.getCause() instanceof 
PolicyViolationException);
             Assert.assertEquals(e.getCause().getMessage(),
-                    "Policy enforces HttClientCertificateAuthentication but we 
got HttpBasicAuthentication");
+                    "Policy enforces HttpClientCertificateAuthentication but 
we got HttpBasicAuthentication");
             Assert.assertEquals(e.getFaultCode(), 
WSSecurityException.INVALID_SECURITY);
         }
     }

svn commit: r1500641 - in /webservices/wss4j/trunk/ws-security-policy-stax/src: main/java/org/apache/wss4j/policy/stax/ main/java/org/apache/wss4j/policy/stax/assertionStates/ test/java/org/apache/wss4j/policy/stax/test/

Reply via email to